Re: [PATCH v6 1/3] nl80211: Add ATOMIC_KEY_REPLACE API
From: Johannes Berg <johannes@sipsolutions.net>
Date: 2018-08-28 12:37:17
On Sat, 2018-08-18 at 22:53 +0200, Alexander Wetzel wrote:
> > This looks good to me from a userspace perspective. I will try to implement support for this in iwd soon to give you a prototype to play with.
>
> Sounds promising, thank you! I'm still unsure if we really need the API changes to fix that issue: "Tagging" the new requirements to current set_key calls would also work. With the downside that there would be no way to detect "broken" drivers... replace_key is basically only there to differentiate between audited/fixed drivers and those not.
>
> But since my current impression is that PTK rekeys are mostly broken independent of mac80211 or even Linux, a driver flag signaling support for it sounds like a good idea regardless of how we want to fix the issue in mac80211. Just wondering if we should name it differently for that and I'm considering renaming it to NL80211_EXT_FEATURE_CAN_REKEY_PTK0 in the next patch.
And then keep set_key() for both, rather than adding replace_key()? Seems reasonable to me, I guess.
> As for mac80211 driver status: The only known "really broken" driver at the moment is ath9k, with iwlwifi and (less thoroughly tested) ath10k being OK from a driver point of view. (ath9k needs just a driver flush as minimal fix.)
iwlwifi is also broken for CCMP-256/GCMP keys, so the situation is slightly more complex.

johannes